Secure ConfD Client Application Communication

In the not-so-distant past, ConfD instrumentation applications communicated with the ConfD daemon over trusted networks within physical network equipment. As technology has evolved and virtual environments such as NFV and Cloud-Native have emerged, this can no longer be assumed to be the case. In today's world of network element management, use cases where the ConfD daemon and ConfD applications need to communicate over untrusted networks are becoming more common.

While ConfD does provide a basic authentication mechanism that ConfD applications can use when making API calls via Inter-Process Communication (IPC) to the ConfD daemon, there is a growing need to both authenticate and encrypt the IPC.

This month’s application note discusses securing communications between the ConfD daemon and ConfD applications, along with potential solutions. An example is provided which shows how simple and easy it is to use stunnel to provide authentication and encryption between ConfD applications and the ConfD daemon.

